Evolution Vulnerability

2008-06-26T00:00:00

Description

Application: Evolution 2.22.2 OS: Linux - Ubuntu 8.04 ------------------------------------------------------ 1 - Description 2 - Vulnerability 3 - POC/EXPLOIT ------------------------------------------------------ Description Evolution is an email client that is built with ubuntu. ------------------------------------------------------ Vulnerability The vulnerability works when mail is sent and specially armed with html code, this causes the client to break. Analyzing with a debugger, you can see the failure with the following function. 0xb7a219d7 in html_engine_get_view_width () from /usr/lib/libgtkhtml-3.14.so.19 ------------------------------------------------------ POC/EXPLOIT The proof of concept can be done locally, when you save the following code in a html file and then load it into an e-mail from the new option "insert" and "html file", as that could verify the client is broken. <IFRAME SRC="A"></IFRAME> <FRAMESET><FRAME SRC="A"></FRAMESET> ------------------------------------------------------ Juan Pablo Lopez Yacubian

{"id": "SECURITYVULNS:DOC:20090", "bulletinFamily": "software", "title": "Evolution Vulnerability", "description": "\r\nApplication: Evolution 2.22.2\r\nOS: Linux - Ubuntu 8.04\r\n------------------------------------------------------\r\n1 - Description\r\n2 - Vulnerability\r\n3 - POC/EXPLOIT\r\n\r\n\r\n------------------------------------------------------\r\nDescription\r\n\r\nEvolution is an email client that is built with ubuntu.\r\n\r\n\r\n------------------------------------------------------\r\nVulnerability\r\n\r\n \r\nThe vulnerability works when mail is sent and specially armed with html code, this causes the client to break.\r\n\r\nAnalyzing with a debugger, you can see the failure with the following function.\r\n\r\n\r\n0xb7a219d7 in html_engine_get_view_width () from /usr/lib/libgtkhtml-3.14.so.19\r\n\r\n\r\n------------------------------------------------------\r\nPOC/EXPLOIT\r\n\r\n \r\nThe proof of concept can be done locally, \r\nwhen you save the following code in a html file and then load it into an e-mail from the new option "insert" and "html\r\nfile",\r\nas that could verify the client is broken.\r\n\r\n<IFRAME SRC="A"></IFRAME>\r\n<FRAMESET><FRAME SRC="A"></FRAMESET>\r\n\r\n------------------------------------------------------\r\nJuan Pablo Lopez Yacubian", "published": "2008-06-26T00:00:00", "modified": "2008-06-26T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20090", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:26", "edition": 1, "viewCount": 17, "enchantments": {"score": {"value": -0.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9115"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9115"]}]}, "exploitation": null, "vulnersScore": -0.0}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645258575, "score": 1659803227}, "_internal": {"score_hash": "44b7e13ce0f4afa63bba1e76f9151b6b"}}